From 94137e342014e1b71ee9b0cf534857572e4ba050 Mon Sep 17 00:00:00 2001
From: Daniel Markstedt
Date: Thu, 7 May 2026 22:23:37 +0200
Subject: [PATCH] CVE-2026-45354: libatalk/dsi: guard cmdlen override to DSIWrite to prevent DoS
Reported-by: @TristanInSec
Signed-off-by: Daniel Markstedt
---
 libatalk/dsi/dsi_stream.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libatalk/dsi/dsi_stream.c b/libatalk/dsi/dsi_stream.c
index e7eb33a23..677186b28 100644
--- a/libatalk/dsi/dsi_stream.c
+++ b/libatalk/dsi/dsi_stream.c
@@ -701,7 +701,8 @@ int dsi_stream_receive(DSI *dsi)
 }
 /* Receiving DSIWrite data is done in AFP function, not here */
- if (dsi->header.dsi_data.dsi_doff) {
+ if (dsi->header.dsi_command == DSIFUNC_WRITE
+ && dsi->header.dsi_data.dsi_doff) {
 LOG(log_maxdebug, logtype_dsi, "dsi_stream_receive: write request");
 dsi->cmdlen = dsi->header.dsi_data.dsi_doff;
 }
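Review bot: On the DSIWrite path the new condition still assigns the client-supplied `dsi->header.dsi_data.dsi_doff` to `dsi->cmdlen` with no upper bound visible in this hunk, so the restriction to `DSIFUNC_WRITE` narrows which commands can override the length but not how large the override can be. If `dsi->cmdlen` was clamped earlier in `dsi_stream_receive` (the body starts and ends outside the hunk, so this is inferred), the assignment discards that clamp. Consider rejecting the request before the assignment when the offset exceeds the already-bounded length, e.g. `if (dsi->header.dsi_data.dsi_doff > dsi->cmdlen) { /* fail the request as the function's other error paths do */ }`. The comment above the branch could also state that the data offset is only meaningful for DSIWrite and is ignored for every other command, since that is the invariant this fix relies on.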